Microsoft Sentinel Skills
Microsoft Sentinel Skills Overview
You're watching ITProTV.
Hello everybody, welcome. We are talking about the Microsoft Sentinel Skills course, and we are glad to welcome you to it. My name is Adam Gordon, I'm an edutainer here at ITProTV. I'm gonna be your tour host, your tour guide, well, the person who's gonna lead you through everything you wanna know about Microsoft Sentinel in this course.
I'm excited because we're taking an approach, we're doing a hands-on skill spotlight kind of a focus on Microsoft Sentinel. That, by the way, you may know this product as Azure Sentinel or as Microsoft Sentinel; it underwent a name change in early 2022. It's now called Microsoft Sentinel, still the same product, by the way, although there are a bunch of new features that have been added due to things like the integration of the MITRE ATT&CK framework. The tactics and techniques that the MITRE framework provides, allowing us to do incident response but also incident analysis and incident identification, have been fully integrated. We've got a bunch of new features to support that; we'll be taking a look at those kind of things.
And we're gonna structure this course using three specific areas that we will focus or drill down on: architecture. What do we need to know from a prerequisites perspective? So what are the dos and don'ts associated with setting up and getting ready to install and onboard an Azure, or now Microsoft, Sentinel instance? You wanna know about things like the Log Analytics workspace, how we connect the Log Analytics workspace, how we use it, but also potentially how we can constrain it so we're not gonna run up a whole bunch of additional charges that we may not wanna pay on an ongoing basis. We'll take a look at those kind of things.
We'll also take a look at how to leverage a single resource group for all of our resources associated with the Log Analytics workspace, and more broadly with the Sentinel solution, putting all that together in one place so that we get the benefit of using the built-in roles through role-based access control, RBAC, and see how to leverage access control to its fullest, being able to scope and, as a result, tailor to the needs of our individual incident responders, analysts and users of the platform, giving them the right level of access based on a series of built-in roles, and perhaps customizing those roles if necessary, but also excluding, to the best of our ability, the possibility that we may open that system up to people that don't belong there.
We're gonna take a quick look at costs and the cost-benefit analysis of using Sentinel. We have to be aware of that, but we also have to understand how to manage costs using things like budgets, and also using the cost analysis tool that Microsoft provides free of charge to understand potentially and forecast ahead what those implementations may look like before we decide to commit to a course of action, whether it is pay-as-you-go or perhaps some sort of aggregated minimum commitment of data flow and paying for that, and then, as a result, getting essentially a scaled benefit by having a discount based on that, 100 gigs and above. We'll take a look at all that.
We're also gonna talk about deployments: how do we actually stand up this particular solution? How do we install a Sentinel workspace, get it up and running, and then how do we get acquainted? There's all sorts of new features, new nooks and crannies in that particular integration of the MITRE ATT&CK framework and the workspace. We wanna take full advantage of them. I'm gonna walk you through all the highlights there, give the insight of the amount of time, years at this point, that I've spent working with Microsoft products overall, but also specifically doing Sentinel implementations for customers in the field and teaching students all over the world how to use Sentinel.
And finally, we'll focus on what I think is the most exciting portion of the course, the "How Do I?" section, where I've put together a top X list. Right now there's about seven or eight items in there; over time that list will grow as new features are added. These are things I get asked about all the time when I'm in the field working with customers. Once we stand up Sentinel, how do we actually do the things we have to do under the hood to optimize it and to really get the full benefit of that investment of the technology as well as the protective measures it provides?
Things like using the out-of-box Content Hub features to add new vendor capabilities. That's a new marketplace Microsoft is providing specific to the Sentinel platform. We'll show you how to leverage it, how to turn on and use User and Entity Behavior Analytics, UEBA, how to use Fusion rules to be able to find multistage attacks, and how to do anomalous behavior detection using a series of analytics rules. All that and ever so much more will be discussed in the "How Do I?" section, one episode per specific task, really deeply diving in, rolling up our sleeves, telling you what you need to do, how you need to do it and where you need to go to get the job done.
I'm excited, hopefully you are as well, I can't wait to get started. All I need is for you to watch the beginning of our course by getting out of this episode, moving to the next one and following along with me. I'll be ready and waiting. I hope you're excited and I'll see you there.
Thank you for watching ITProTV.
Overview
Microsoft Sentinel is a scalable, cloud-native, security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for attack detection, threat visibility, proactive hunting, and threat response.
Learning Style
On Demand
Length of course
5h 8m
13 Episodes
Here are the topics we'll cover
- Architecture
- Deployment
- How Do I?